Subj : North Korean hackers crack DMARC to spoof emails from trusted sou
To   : All
From : TechnologyDaily
Date : Mon May 06 2024 17:00:06

North Korean hackers crack DMARC to spoof emails from trusted sources

Date: Mon, 06 May 2024 15:58:59 +0000

Description: Kimsuky is impersonating journalists, once again, as it attempts to obtain valuable intelligence.

FULL STORY
======================================================================

North Korean state-sponsored threat actors are abusing misconfigurations in DMARC to send convincing phishing emails and gather vital intelligence from Western targets, officials have warned.

A new joint advisory published by the US National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State outlines how the hacking collective known as Kimsuky has been spotted abusing improperly configured DMARC record policies to make it seem as if its emails are coming from legitimate sources. Kimsuky is believed to be strongly tied to Lazarus Group, and thus to the North Korean government.

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance, and is described as an email authentication protocol that helps prevent email spoofing, phishing, and other fraudulent activities. DMARC works by allowing senders to authenticate their messages via cryptographic signatures, and establishing how recipients should handle messages that fail the authentication.

Grabbing intelligence

The three agencies said Kimsuky's goal is to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets' private documents, research, and communications.

To make sure the victim responds to the phishing email, and shares the information they are looking for, the hackers will diligently prepare. They will thoroughly research their target, and either create fake identities, or impersonate other people, when reaching out. When stealing other people's identities, they will mostly impersonate journalists, academics, or other experts in East Asian affairs with credible links to North Korean policy circles, it was said.

Citing an earlier Proofpoint report, TheHackerNews said this technique was first observed in December last year, when Kimsuky engaged in a broader effort to target foreign policy experts for their opinions on nuclear disarmament, among other things.

Kimsuky is described as a savvy social engineering expert, the publication concluded.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/north-korean-hackers-crack-dmarc-to-spoof-emails-from-trusted-sources

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
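
The story above turns on improperly configured DMARC record policies. As an added example (not from the article or the advisory), this Python check audits a domain's DMARC TXT record for settings that leave failing mail deliverable. The function names, finding codes and sample records are constructed for illustration; the tags checked (v, p, sp, pct, rua) are those defined in RFC 7489.

```python
# Added example: audit a DMARC TXT record string for weak policy settings.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return a dict of DMARC tags, or None if txt is not a DMARC record."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip(), v.strip()) for k, v in pairs]
    # RFC 7489: the version tag must come first and be exactly "DMARC1".
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def audit_dmarc(txt):
    """Return a list of (code, explanation) findings for one TXT record."""
    tags = parse_dmarc(txt or "")
    if tags is None:
        return [("NO_RECORD", "no valid DMARC record; receivers get no policy")]
    findings = []
    p = tags.get("p", "").lower()
    if p not in VALID_POLICIES:
        findings.append(("BAD_POLICY", f"p={p!r} is missing or invalid"))
    elif p == "none":
        findings.append(("P_NONE", "p=none: failing mail is still delivered"))
    # sp (subdomain policy) inherits p when absent.
    sp = tags.get("sp", p).lower()
    if sp == "none" and p in ("quarantine", "reject"):
        findings.append(("SP_NONE", "sp=none: subdomains can still be spoofed"))
    # pct defaults to 100; lower values enforce the policy on a sample only.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append(("BAD_PCT", f"pct={pct!r} is not an integer 0-100"))
    elif int(pct) < 100 and p != "none":
        findings.append(("PCT_PARTIAL", f"pct={pct}: policy covers only part of failing mail"))
    if "rua" not in tags:
        findings.append(("NO_RUA", "no rua: no aggregate reports to reveal spoofing"))
    return findings

# Constructed sample records (reserved example domains, not real findings).
SAMPLES = {
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=reject; sp=none; pct=50",
    "example.net": "v=DMARC1; p=reject; rua=mailto:dmarc@example.net",
    "example.edu": "v=spf1 -all",  # an SPF record, not DMARC
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        for code, why in audit_dmarc(record) or [("OK", "policy enforced")]:
            print(f"{domain:12} {code:12} {why}")
```

In practice the record string would come from a TXT lookup on `_dmarc.<domain>`.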